Movestic's Data Protection Policy

Movestic is committed to keep personal data safe and we have strict policies and procedures governing how we deal with your personal data. Each of our employees is responsible for respecting and protecting the personal data to which he or she has access. In this Data Protection Policy we describe our collection, usage, storage and sharing of personal data in the light of the General Data Protection Regulation (Regulation EU 2016/679 of 27 April 2016).

For the purposes of this policy, Movestic Kapitalförvaltning AB is regarded as joint data controllers.

Personal data refers to any information relating to an identified or identifiable natural living person. Processing of Data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. In our relationship with you we process the following categories of data:

Information relating to legal requirements such as information provided during due diligence and anti-money laundering requirements.

Our correspondence: if you contact us, we will typically keep a record of that correspondence.

Details of your transactions with us or holdings with us that you have made or initiated. We collect information directly from you. We can also collect data from publicly available registers, such as company registration offices and sanction lists (e.g. EU and UN). We also collect information from providers of information regarding beneficial owners and politically exposed persons.

If you provide personal data on behalf of (other) data subjects, you must ensure that you have authority to provide such personal data of the data subjects and to (i) adequately inform any such data subject about the processing of their personal data and their related rights as described in this policy and (ii) where necessary and appropriate, obtain in advance any consent that may be required for the processing of the personal data.

When we perform a contract, it is sometimes necessary to disclose personal data to companies that we cooperate with. For example, it can be necessary to disclose personal data regarding you to companies within the Movestic group. We also disclose personal data to authorities if we have a statutory obligation to do so, e.g. supervisory authorities.

We have entered into agreements with selected suppliers of IT, maintenance and support.

You have the right to access to your personal data and other supplementary information. This right may however be restricted by legislation, protection of other person´s privacy and du to negative impact on Movestic’s business secrets.

Right to correction

You have the right to request correction of incorrect or incomplete data.

Right to erasure

You have the right to request erasure if:

You withdraw your consent to the processing and there is no other legitimate reason for processing

You object to the processing for direct marketing

Processing is unlawful

The right to request erasure may however be limited due to the fact that we in many cases are obliged to retain personal data to comply with statutory obligations. We can also be entitled to continue to process personal data if the processing is carried out to manage legal claims.

Right to data limitation of processing

You have the right to obtain restriction of processing where one of the following applies:

the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;

the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

we no longer need the personal data for the purposes of the processing, but we are required by the data subject for the establishment, exercise or defense of legal claims;

you have objected to processing pursuant to Article 21(1) of GDPR pending the verification whether the legitimate grounds of Movestic override those of you.

Right to object

You have the right to object to processing of personal data concerning you, which is based on our legitimate interest, including profiling based on our legitimate interest.

Right to data portability

You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller if the processing is carried out by automated means.

If you want to exercise any of the above rights, please contact our contact person as referred under 9. below.

If we are not required by law, we will not keep your personal data longer than necessary according to the purposes for which your data was collected and processed. How long we keep your personal data may vary depending on the specific situation, however typically:

Data collected for AML and anti-terror financing purposes – minimum five years after termination of the business relationship

Bookkeeping regulations – up to 10 years

Details relating to performance of an agreement – up to ten years after end of the relationship with the customer has terminated.

When personal data is no longer needed, we either irreversibly anonymise the data (we may further retain and use the anonymised information) or securely destroy the data.